Xen project Mailing List

Re: [Xen-users] Access control for the xm command

To: Keith Coleman <list.keith@xxxxxxxxxxx>

From: Grant McWilliams <grantmasterflash@xxxxxxxxx>

Date: Tue, 31 Mar 2009 12:03:42 -0700

Cc: Martti Kuparinen <martti.kuparinen@xxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx

Delivery-date: Tue, 31 Mar 2009 12:04:42 -0700

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=Yqr/vEwUTeuCXDnBNPr/9xCoH2oy69mYRpEsKXEjBCYbSFTxks/AasAPdJPpPTKaFz N4Xw7hQgP5pChV8dUYuzIUojESd0U5X5leB5mmt4QFajfXCdukVqi71fXy8gZIJkvss1 O2VII7oE060rz/V1ua1alItBpMAuzw398cfVA=

List-id: Xen user discussion <xen-users.lists.xensource.com>

On Tue, Mar 31, 2009 at 10:33 AM, Keith Coleman <list.keith@xxxxxxxxxxx> wrote:

On 3/31/09, Martti Kuparinen <martti.kuparinen@xxxxxx> wrote:
> Hi,
>
> ÂSay I have these domUs and their administrators on my dom0:
>
> Âguest Â admin(s)
> Â----- Â --------
> Âvm1 Â Â user1, user3
> Âvm2 Â Â user2, user3
> Âvm3 Â Â user3
>
> ÂEach administrator should be able to do whatever he wants to do with the xm
> command on the domU he's maintaining but he should not be able to perform
> any xm actions on domUs where he's not supposed to have access to. So
> instead of giving general access for "sudo xm ..." I need something more
> fine grained.
>
> ÂInstead of writing my own script to check user's access to the given domU,
> is there any nice wrapper script for xm which already does this kind of
> access control checks? I hate reinventing the wheel again...
>
> ÂMy dom0 is Debian 5.0 with self-compiled Xen 3.3.1 and libvirtd 0.6.1 if
> that makes any difference...
>
> ÂMartti
>

>

Xen Shell - http://www.xen-tools.org/software/xen-shell/

Keith Coleman

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users